Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add file access check to IIIF manifest generation. #884

Merged
merged 2 commits into from
Aug 31, 2022
Merged

Add file access check to IIIF manifest generation. #884

merged 2 commits into from
Aug 31, 2022

Conversation

adam-vessey
Copy link

@adam-vessey adam-vessey commented Jul 14, 2022
edited
Loading

GitHub Issue: Islandora/documentation#2134

  • Other Relevant Links (Google Groups discussion, related pull requests,
    Release pull requests, etc.)

What does this Pull Request do?

Prevent the inclusion of files to which a user may not have access in IIIF manifests.

What's new?

Performs an access check before returning things.

  • Does this change add any new dependencies? No.
  • Does this change require any other modifications to be made to the repository
    (i.e. Regeneration activity, etc.)? No.
  • Could this change impact execution of existing code? Should not.

How should this be tested?

Use some mechanism (e.g., embargoes) to apply file access controls, and ensure that multi-page viewers should follow suit (single/non-manifest version handled in Islandora/openseadragon#42).

For testing, adding a small hook_file_access() blurb to your code somewhere is probably easiest, such as:

function islandora_file_access($entity, $op) {
  if ($op == 'view') {
    if (in_array($entity->id(), [
      # These are file IDs to test being restricted: change as necessary to target the files
      # being shown in your environment. May also have to clear cache when changed?
      1,
      2,
      3,
    ])) {
      return AccessResult::forbidden('No touchy.')->addCacheableDependency($entity);
    }
  }
  return AccessResult::neutral()->addCacheableDependency($entity);
}

Documentation Status

  • Does this change existing behaviour that's currently documented?
  • Does this change require new pages or sections of documentation?
  • Who does this need to be documented for?
  • Associated documentation pull request(s): ___ or documentation issue ___

Additional Notes:

Any additional information that you think would be helpful when reviewing this
PR.

Interested parties

Tag (@ mention) interested parties or, if unsure, @Islandora/8-x-committers

This was referenced Jul 14, 2022
Merged
Closed
@adam-vessey adam-vessey marked this pull request as ready for review July 18, 2022 19:14
@jordandukart
Copy link
Member

Looking good to me.

@nchiasson-dgi
Copy link

Tested this in conjunction with Islandora/openseadragon#41 and Islandora/openseadragon#42 within the islandora-playbook environment. This appears to be functioning as expected when restricting file access.

@seth-shaw-asu seth-shaw-asu self-requested a review August 31, 2022 17:48
seth-shaw-asu
seth-shaw-asu approved these changes Aug 31, 2022
View reviewed changes
Copy link
Member

@seth-shaw-asu seth-shaw-asu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works as advertised.

@seth-shaw-asu seth-shaw-asu merged commit 725b559 into Islandora:2.x Aug 31, 2022
rosiel pushed a commit to rosiel/islandora that referenced this pull request Nov 7, 2022
@adam-vessey @rosiel
Add file access check to IIIF manifest generation. (Islandora#884)
51b359f
rosiel pushed a commit to rosiel/islandora that referenced this pull request Dec 14, 2022
@adam-vessey @rosiel
Add file access check to IIIF manifest generation. (Islandora#884)
e556cbc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@seth-shaw-asu seth-shaw-asu seth-shaw-asu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@adam-vessey @jordandukart @nchiasson-dgi @seth-shaw-asu